Everything marketers should know about server-side tracking

Server-side tracking offers a number of advantages: The loading time of websites can be improved, dependency on cookies can be reduced, data quality and data protection compliance can be increased.

Server-side tracking therefore appears to be the solution for maximum data volume. But is that really the case?

The focus is on these three problem areas:

1. US data transfer: The legality of the transfer of personal data to the USA stands and falls with the validity of EU-US data protection framework agreements. If only anonymized data is processed, the problem is eliminated
2. Tracking blockers: 10 to 20 percent of users use browser extensions such as Ghostery or Adblock Plus, but calls from their own domains are not prevented.
3. Cookie restrictions: 3rd party cookies are completely blocked by many browsers and client-side 1st party cookies from tracking services are limited to a maximum of 7 days. 1st party cookies set by the server are excluded from Intelligent Tracking Protection (ITP).

Let’s take a closer look.

Client-side versus server-side web analytics method

Classic web analysis is based on the client-side tracking method. Implementation is comparatively simple thanks to tag management solutions or integrated tag management functions of individual services.

However, ensuring a sufficient database and reliable data quality is now a major challenge for marketers. This is because a large proportion of the data may be lost or distorted due to tracking protection measures and the legal obligation to obtain consent under the GDPR and TTDSG.

The principle of server-side tracking is that a direct connection between the user’s device and the actual tracking services is avoided and the data is anonymized or pseudonymized before being passed on.

However, consent management can only be dispensed with here too if no data such as the screen resolution is read from the end device and no cookies are set for statistical or marketing purposes and complete anonymization takes place before forwarding or storage. For example, the server-side Google Tag Manager records the screen resolution by default and therefore always requires prior consent.

In addition, the 1st party server may not be operated in an environment (cloud) that is managed by a provider from the USA, even if the servers are located in a European data center. This is because the process of anonymization is also data processing according to the GDPR. This means that infrastructure providers such as Google, AWS, Azure and Cloudflare are likely to be excluded.

Ideal versus reality

Once you look behind the facade of the promises of salvation for server-side tracking, the challenges quickly become apparent. And these are not only due to the complex technical implementation:

1. 1st party cookies that are not absolutely necessary on the client side also require consent. It does not matter whether, among other things, necessary purposes are also pursued. Necessity must always be assessed from the user’s perspective and not in terms of more convenient integration or configuration for the marketer. And once consent is required, much of the data is lost and the rest can be heavily skewed, as consent rates usually vary by channel and campaign.

2. the issue of complete anonymization of data is not so easy to implement in practice. Just anonymizing the IP address is definitely not enough!

The General Court of the European Union requires that it must not be practically feasible for data recipients to re-identify the data subjects (General Court, judgment of 26.04.23, AZ: T 557/20). To do this, all client, device, user and session IDs, especially those of the marketing platforms, must be deleted or transformed. The user agent and a timestamp may be enough for Google and Meta to identify a natural person. Google signals must not be activated under any circumstances, as this creates a link to the user’s Google account, which of course makes it possible for Google to re-identify the user as the data recipient.

With the server-side Google Tag Manager, data can be transformed, but only to a limited extent, so that complete anonymization is not possible. This is shown by a comparison of the data in the transformation settings:

3. a complete anonymization of the data is accompanied by significant functional limitations up to complete inoperability. Without Google Signals, no information on age, gender and interests is provided. Remarketing is also not possible without user IDs. It is therefore a myth that marketing tools can simply be reused.

Client-side versus server-side conversion tracking

Instead of setting up the complete web analysis on the server side, it is also possible to manage only the exchange with the marketing platforms for conversion tracking via a server-side exchange.

With server-side conversion tracking, only minimal, precisely defined data records are uploaded to US advertising platforms. As a rule, only click IDs are used as identifiers, which only enable mapping to campaigns, but not to individual users, and therefore do not fall under personal data and thus avoid the problems with US data transfer.

This means that marketers can continue to manage and optimize bids based on conversions and sales. Tools such as Google Ads can be used as usual. The conversion upload to the marketing platforms can be automated daily after a one-time setup.

The use of conversion tags from Google, Meta & Co. is currently illegal due to the US transfer problem. Even if a new EU-US agreement were to be concluded that would be valid, the general consent obligation would still remain. This means that conversions may only ever be measured after consent has been given, as the legitimate interests of the data subjects prevail in data processing. Depending on the consent rate, 50 – 80 % of the conversion information is lost as a result. In addition, the measured conversions are usually distorted and therefore misleading, as the consent rates usually vary greatly between channels and campaigns. In addition, ad and tracking blockers lead to further data loss. And last but not least, Apple is putting a stop to customer journey tracking with Intelligent Tracking Protection by limiting the cookie runtime to 24 hours regardless of consent for ads.

With server-side conversion tracking, all these limitations can be avoided and reliable data quality can be ensured. This provides the platforms’ optimization algorithms with sufficient and unadulterated data, which ensures efficient advertising management.

Hybrid server and client-side tracking

Completely anonymous tracking on the server side is hardly possible in practice. At the same time, ensuring data quality in times of content-related data loss, tracking blocking and browser protection measures is a fundamental challenge for data-driven marketing.

It’s all in the mix: The combination of consent-independent, cookie-free and data protection-friendly client-side session tracking and server-side conversion tracking allows all these challenges to be mastered easily and sustainably.

All visits and conversions can be recorded thanks to the exemption from the consent requirement. When using your own tracking domain, also with protection against tracking blocking. In addition, 1st party cookies are set on the server side with consent.

The automatically anonymized conversion data can be transmitted to US marketing platforms without hesitation, as can reporting data in US solutions such as Looker Studio or Power BI.

Set up server-side conversion tracking

To set up server-side conversion tracking in etracker Analytics for Google Ads, only the following steps need to be carried out:

1. Install tracking code for etracker Analytics manually or via plugin.
2. If necessary, create individual conversion actions that are not recorded via auto-tracking (e.g. via CSS selector events without coding).
3. Copy & paste Google Ads campaigns with suffix parameters.
4. Set up Google Ads Upload once by creating the conversion action(s) and storing the individual upload URL from the etracker Analytics account.

Done!

Conclusion

Hybrid server and client-side tracking increases data quality and at the same time avoids legal risks through direct connection to US services. Implementation takes just a few minutes and is affordable for even the smallest websites from 19 euros per month.

---